Modern technologies for inbound traffic through NAT boxes?

From: Dan Lyke 
Yet again a conversation has turned to "wouldn't it be great if we
could make a device that you plugged in to your home network and you
could access it from anywhere?"

I know the obvious solutions: Configure your NAT box to pass a socket
through (or a DMZ), pass data out to a third server and either proxy
through that server, or do something funky with that server to poke a
hole through to a third party (ala Skype or distributed IM systems),

Anyone know the current state of "box inside the NAT network wants to
be visible to and discovered by device outside"?



=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have an answer, but it might sound snarky.... so instead I'll offer recent sightings in the wild as options.... 1)IPv6 (It's usually tunneled and slow, but sometimes works) or 2a)HTTP[S] connection to 2b)SSL-VPN connection to + 3)You point whatever you want to connect to and the C&C commands are relayed from cloud to home. or 4)UPnP - Nasty, nasty business IMHO....** **Side note, my firewall will properly ignore such non-sense... but my L3 switch that is the gateway for each network certainly built up ... something with a device I recently turned up that had UPnP enabled. More to come as I investigate further, as the switch shouldn't be entertaining such notions either, and I had a bitch of a time figuring out exactly WTF was going on. Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - iQEcBAEBAgAGBQJRddKNAAoJEMP+wtEOVbcdKRIIAKjDe8YMylMqoOYyKWNWIqRr MkONWLkeHYjT684n4YrT4aoWVeCYSvNyHowCc0NdiABMOGnTgVxing99aGm+kHWy AGUydGnZ+riOeF1PwKVsaZCzx0O7tkR3/Lin2KqWI4QdT0GVNym1DLR/rmELOD/Q dxfCrSLGlYtu02jwGA9ffOKpJtKuPIu0N+oIuHvFPcnHjBkp2qjWQTqXuKUm/BWE N1bMFZDYY2qmMxzcYvVjg5sp5SYXN3IdQ6r7oQA2BpLXhE9W6Q8aLTiwCx5XeQOf rXvN706znPKyqXMh2jy5akngoRXACA7g01dG5A1hwj0OdVBSep+Q1ACGUmcsJro= =UjU4 -----END PGP SIGNATURE-----

=============================================================== From: Eric Wolf ------------------------------------------------------ Everything I've got is special purpose: PogoPlug iomega NAS Vera Lite zWave controller DirecTV DVR These are mostly exposed to Android/iOS apps. For general purpose... I'd set up an SSH tunnel. You could probably use a RaspberryPI for such a purpose. -Eric -=--=---=----=----=---=--=-=--=---=----=---=--=-=- Eric B. Wolf 720-334-7734

=============================================================== From: John Aldrich ------------------------------------------------------ Well, there are specialized apps for this... some of which even run on Linux. Teamviewer is one of those apps which will allow you to access your machine inside the firewall from outside. If you just want access to certain files, use Google Drive or DropBox or ...

=============================================================== From: Dan Lyke ------------------------------------------------------ On Mon, 22 Apr 2013 20:15:09 -0400 Dave Brockman wrote: Hmmm... hadn't thought about plug in a device on an IPv4 NATted network, it creates an IPv6 tunnel out, external accesses can happen via ... well, nobody's cell phone is on an IPv6 network yet, but sometime in the future! Thanks, that got me Googling for things that'd at least let me send an email full of "there's this option, but..." Dan

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You might want to check your phone again.... At least one US National carrier has Native IPv6 on their cell devices... Let me know if you run out of buts :) Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - iQEcBAEBAgAGBQJRdtHfAAoJEMP+wtEOVbcdL1QIAJ8S5IxYgKnACwuthTDMFtFi FDw9OyqWcr6uSovqgukaT92X0smCKVjETOBfiVu5tXmtuikHp2DJGWlYeIjmkSEC +y3moDQAdTObeoNaBNKV/L0DG6+yMF/a22SEEym4fwuBcnSZ+CyvLbCSLyJ4Xoos 3+2b92B4fB04FW+RiQkfiUIqCGuaDgn5NGdf7snUn2vnfN17h/2W7Py/Fyuxzo00 0V7I5e2qABYd0hTWcANNrjqgSyI36P1tGW8TRJL/oq34YKedE3Mb+pTfs+LQz1Rc 1hI9VvfgiqD/gWCXH+gfedXh7b/p5fzQJ8TQBQ3F7qze8GlrMVSlr7YZJywdbr8= =btBT -----END PGP SIGNATURE-----

=============================================================== From: Mike Smith ------------------------------------------------------ I've been meaning to give Localtunnel a try: Thanks, Mike Smith (423) 650-4417